Sonic's AntiSpam detection systems making life harder

General discussions and other topics.
13 posts Page 1 of 2
by tikvah » Wed Apr 24, 2019 9:30 am
I already get daily emails from Sonic with a list of all my Graymail. Starting a few days ago, I've been getting additional emails saying:

"Sonic's AntiSpam detection systems have identified this email as
possible spam. The original message has been attached to this report
so you can view it (if it isn't spam.) If this is a false positive,
you may want to whitelist the sender or messages subject using our
member tools."

What is the possible advantage to this? Why would I want these extra emails (3-4 a day!) instead of incorporating the emails into the single email I get every day with my Graymail?

Wait, I was wrong. I've received SEVEN emails so far today, and it's only 9:30am. 13 emails total since it began April 16th.

It then says:

For more information see
http://www.sonic.net/support/faq/advanced/spam.shtml

But when I click on the link, it redirects to
https://help.sonic.com/hc/en-us

Not helpful!

Please rethink this. I already have to deal with spam folders on Graymail and within my mail program. The last thing I want is several in-your-face emails every day I have to deal with individually. I can't even sort them into my Junk folder because they're not from Sonic, they're from the original sender.

If you insist on keeping this bizarre experiment, at least tell me how to turn it off in my account (not that I want to log into all 6 or so of my accounts to make this happen).

Thank you.
by goetsch » Wed Apr 24, 2019 11:41 am
I've seen similar behavior over the past couple of days. It looks like several of the messages, even though they have been identified as SPAM, as evidenced by the "Sonic's AntiSpam detection systems have identified this email as possible spam" text added to them still ended up in my inbox. Boo!
by drew.phillips » Wed Apr 24, 2019 11:59 am
Yesterday afternoon at around 4:30 PM a new local delivery server was deployed, but due to a configuration issue it was delivering messages identified as spam to the inbox instead of the Graymail folder. Spam messages received by this system only were erroneously placed in the inbox.

This has been corrected as of this morning at 9:45 AM. Apologies for the confusion and please treat any message delivered to your Inbox with the "AntiSpam detection" message as spam that should have been delivered to Graymail.
Drew Phillips
Programmer / System Operations, Sonic.net
by tikvah » Wed Apr 24, 2019 1:52 pm
Thank you Drew! I'm glad to hear it was an error and is being fixed.
by goetsch » Tue Apr 30, 2019 5:07 pm
Looks like the graymail-in-inbox problem is back. I've gotten email today (in a couple different accounts) carrying the this-is-spam text:

Sonic's AntiSpam detection systems have identified this email as
possible spam. The original message has been attached to this report
so you can view it (if it isn't spam.) If this is a false positive,
you may want to whitelist the sender or messages subject using our
member tools.


One of those messages tells me

Content analysis details: (28.4 points, 5.0 required)


Another says

Content analysis details: (28.5 points, 5.0 required)


Looks like it's time to tighten things up again...
by patty1 » Tue Apr 30, 2019 9:14 pm
Drew, I try to minimize the number of messages that go into my graymail folder so I can scan it quickly for false positives, so I added some items under Blacklist Subject on members.sonic.net to catch spam before it gets to graymail. I used single words from the spam subject lines, and tried them with and without leading/trailing asterisks, but those subjects are still showing up in graymail. What am I doing wrong?

E.g.:
keto
*keto*
vivint
*vivint*
by random.1 » Wed May 01, 2019 4:05 pm
patty1 wrote:
Drew, I try to minimize the number of messages that go into my graymail folder so I can scan it quickly for false positives, so I added some items under Blacklist Subject on members.sonic.net to catch spam before it gets to graymail. I used single words from the spam subject lines, and tried them with and without leading/trailing asterisks, but those subjects are still showing up in graymail. What am I doing wrong?

I think that, by default, blacklisted mail is _supposed_ to go to graymail. See Member Tools -> Email -> Spam Filtering -> General Configuration -> Blacklisted Message Handling.
by patty1 » Wed May 01, 2019 5:58 pm
Hi, random. You're right about the default, but I long ago chose the other option:

Discard messages matching Blacklists
If "discard messages" is selected, messages matching the Blacklist Address or Blacklist Subject rules will be discarded and will not be delivered to your inbox or Graymail.

For some reason, my Blacklist Subject settings aren't doing that.
by drew.phillips » Thu May 02, 2019 11:28 am
Hi Patty,

If the messages aren't being discarded, my first guess is that they are using a trick that is preventing the subject blacklist match from working, though these tricks typically don't make the messages any less likely to be caught as spam.

If you could forward the message headers from one or two messages to support@sonic.net with attention to me, we can confirm.

I suspect they are using homoglyphs and encoding the subjects with UTF-8 or a character set from a non-English language and using characters that look identical to an "e" or "o", but are in fact different. You can see some examples of them here: https://www.irongeek.com/homoglyph-attack-generator.php

By examining the subject lines in the message headers, we can confirm whether this is what's happening or if there is something else going on that can be more easily addressed with the blacklist settings.
Drew Phillips
Programmer / System Operations, Sonic.net
by patty1 » Thu May 02, 2019 12:09 pm
Good idea, Drew, let me check some messages for that trick.

I think I can also trap some of them by filtering on the From Address instead of Subject, using common words that appear in multiple forms in the sending address. (E.g. "*walkin*" should catch both "walkinbathtub" and "walkin-bathtub".)
13 posts Page 1 of 2

Who is online

In total there are 7 users online :: 1 registered, 0 hidden and 6 guests (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: Google [Bot] and 6 guests